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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

Responsive to communication(s) filed on November 24. 2004 . 
2a)D This action is FINAL 2b)^ This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4) ^ Claim(s) 1-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) M Claim(s) 1-5.9.10.14-19 and 22-30 is/are rejected. 

7) [X] Claim(s) 6-8.11-13.20 and 21 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 

Response to Amendment 
This Office Action is in response to Applicants' Amendment filed on November 24, 2004. 
Claims 1-23 are presented for further examination. Claims 1, 10 and 15 have been amended. 
Newly added claims 24-30 by Applicant are also presented for examination. 



Allowable Subject Matter 

1. Claims 6-8, 11-13, 20 and 21 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the limitations of 
the base claim and any intervening claims. 

2. The following is a statement of reasons for the indication of allowable subject matter: 
The prior of record fails to teach neither singularly nor in combination the claimed feature of 
"enterprise rules having a rule to type selected from a positive rule type and a negative rule type, 
the positive rule type explicitly allowing at least one of access and use and the negative rule 
explicitly denying at least one of access and use" as in claims 6-8, 11-13, 20 and 21. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 
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4. Claims 1-5, 9-10, 14-19 and 22-30 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Deinhart et al (hereinafter, "Deinhart" U.S. Pat. No 5,91 1,143) 

As per claims 1 and 9, Deinhart discloses a method and computer-readable medium 
comprising: 

• creating an enterprise policy object providing an enterprise- wide policy governing at 
least one of resource access and protocol use for a plurality of nodes within a 
networking environment organized within a plurality of arrays (abstract, col. 7, lines 4- 
29 and col. 8, lines 52-65); 

• creating at least one array policy object, each array policy object providing an array- 
wide policy governing resource access for one or more of the plurality of nodes 
organized within a corresponding array (abstract, col. 7, lines 4-29 and col. 8, lines 52- 
65); and 

• for each of one or more of the at least one array policy object, inheriting an instance of 
the enterprise-wide policy as the array-wide policy such that the array-wide policy of 
each array policy object is at least initially set to the enterprise-wide policy (abstract, 
col. 7, lines 4-29 and col. 8, lines 52-65). 

As per claims 10 and 14, Deinhart discloses a method and computer-readable medium 
comprising: 

• creating an enterprise policy object providing an enterprise-wide policy governing 
resource access for a plurality of nodes within a networking environment organized 
within a plurality of arrays (abstract, col. 7, lines 4-29, col. 8, lines 52-65 and col. 9, 
lines 38-50); 
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• creating at least one array policy object, each array policy object providing an array- 
wide policy governing resource access for one or more of the plurality of nodes 
organized within a corresponding array (abstract, col. 7, lines 4-29, col. 8, lines 52-65 
and col. 9, lines 38-50); 

• for each array policy object, inheriting the enterprise-wide policy as the array-wide 
policy such that the array-wide policy of each array policy object is initially set to the 
enterprise-wide policy (abstract, col. 7, lines 4-29, col. 8, lines 52-65 and col. 9, lines 
38-50); and 

• for each of one or more of the at least one array policy object, adjusting the array-wide 
policy after the array-wide policy has inherited the enterprise-wide policy (abstract, col. 
7, lines 4-29, col. 8, lines 52-65 and col. 9, lines 38-50). 

As per claim 2, Deinhart discloses: 

• wherein the enterprise-wide policy includes a plurality of enterprise rules, each 
enterprise rule governing at least one of access to a particular resource and use of a 
particular protocol, each enterprise rule having a rule type selected from a positive rule 
type and a negative rule type, the positive rule type explicitly allowing at least one of 
access and use and the negative rule type explicitly denying at least one of access and 
use (col. 10, lines 14-40). 

As per claim 3, Deinhart discloses: 

• wherein each array-wide policy includes a plurality of array rules at least initially equal 
to the plurality of enterprise rules upon the enterprise-wide policy inherited as each 
array-wide policy (abstract, col. 7, lines 4-29, col. 8, lines 52-65 and col. 9, lines 38-50). 
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As per claim 5, Deinhart further discloses: 

• for each of one or more of the at least one array policy object, adjusting the array-wide 
policy after the array-wide policy has inherited the enterprise-wide policy (abstract, col. 
7, lines 4-29, col. 8, lines 52-65 and col. 9, lines 38-50). 

As per claim 4, Deinhart further discloses: 

• for a requested access via a requested protocol by a node organized within one of the 
plurality of arrays applying the array-wide policy of the policy object corresponding to 
the one of the plurality of arrays to determine whether to allow the requested access via 
the requested protocol, such that the requested access via the requested protocol is 
allowed only where the requested access via the requested protocol is explicitly allowed 
by the plurality of rules and not explicitly denied by the plurality of rules (col. 10, lines 
14-40); 

• allowing the requested access via the requested protocol in response to determining that 
the requested access via the requested protocol is allowed (col. 10, lines 14-40); and 

• denying the requested access via the requested protocol in response to determining that 
the requested access via the requested protocol is not allowed (col. 10, lines 14-40). 

As per claim 15, Deinhart discloses a system for governing resource access among a 
plurality of nodes within a networking environment, at least one or more of the plurality of nodes 
organized within a plurality of arrays, the system comprising: 

• an enterprise-policy object providing an enterprise-wide policy governing resource 
access for nodes organized within at least one or more of the plurality of arrays 
(abstract, col. 7, lines 4-29, col. 8, lines 52-65 and col. 9, lines 38-50); and 
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• at least one array policy object, each array policy object providing an array-wide policy 
governing resource access for nodes organized within a corresponding array, one or 
more of the at least one array policy object inheriting the enterprise-wide policy as the 
array-wide policy such that the array-wide policy is at least initially set to the enterprise- 
wide policy (abstract, col. 7, lines 4-29, col. 8, lines 52-65 and col. 9, lines 38-50). 

As per claim 16, Deinhart discloses: 

• wherein the enterprise-wide policy includes a plurality of enterprise rules, each 
enterprise rule governing at least one of access to a particular resource and use of a 
particular protocol, each enterprise rule having a rule type selected from a positive rule 
type and a negative rule type, the positive rule type explicitly allowing at least one of 
access and use and the negative rule type explicitly denying at least one of access and 
use (col. 10, lines 14-40). 

As per claim 17, Deinhart discloses: 

• wherein the array-wide policy provided by each of the one or more of the at least one 
array policy object includes a plurality of array rules at least initially equal to the 
plurality of enterprise rules upon the enterprise-wide policy inherited as each array-wide 
policy (abstract, col. 7, lines 4-29, col. 8, lines 52-65 and col. 9, lines 38-50). 

As per claim 18, Deinhart discloses: 

• wherein the array-wide policy provided by each of the one or more of the at least one 
array policy object further includes one or more other array rules, each of the one or 
more other array rules having the negative rule type (abstract, col. 7, lines 4-29, col. 8, 
lines 52-65, col. 9, lines 38-50 and col. 10, lines 14-40). 
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As per claim 19, Deinhart discloses: 

• wherein the array-wide policy provided by each of the at least one array policy object 
other than the one or more of the at least one array policy object inheriting the 
enterprise-wide policy does not inherit the enterprise-wide policy (abstract, col. 7, lines 
4-29, col. 8, lines 52-65 and col. 9, lines 38-50). 

As per claim 22, Deinhart further discloses: 

• at least one node policy object, each node policy object providing a node policy 
governing resource access for a corresponding node of the plurality of nodes other than 
the one or more of the plurality of nodes organized within the plurality of arrays 
(abstract, col. 7, lines 4-29, col. 8, lines 52-65 and col. 9, lines 38-50). 

As per claim 23, Deinhart discloses: 

• wherein the node policy includes a plurality of node rules, each node rule governing at 
least one of access to a particular resource and use of a particular protocol, each node 
rule having a rule type selected from a positive rule type and a negative rule type, the 
positive rule type explicitly allowing at least one of access and use and the negative rule 
type explicitly denying at least one of access and use (col. 10, lines 14-40). 

As per claim 24, Deinhart discloses wherein the enterprise-wide policy and the array-wide 
policy are overseen according to one of a plurality of modes comprising: 

• an enterprise-only mode; an integrated mode; an array-only mode; and a stand- alone 
mode (abstract, col. 7, lines 4-29, col. 8, lines 52-65 and col. 9, lines 38-50). 

As per claim 25, Deinhart discloses: 
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• wherein when overseen according to the integrate mode, each array added to the array- 
wide policy beyond those inherited from the enterprise-wide policy is of the negative 
rule type abstract, col. 7, lines 4-29, col. 8, lines 52-65 and col. 9, lines 38-50. 

As per claim 26, Deinhart discloses: 

• wherein the enterprise-wide policy is capable of governing both resource access and 
protocol use (col. 10, lines 14-40). 

As per claim 27, Deinhart discloses wherein governing protocol use comprises: 

• allowing the use of at least one protocol; and denying the use of at least one protocol 
(col. 10, lines 14-40). 

As per claim 28, Deinhart discloses: 

• wherein the enterprise policy object is secured with a first set of security permissions; 
and the array policy object is secured with a second set of security permissions (col. 10, 
lines 14-40). 

As per claims 29, Deinhart discloses wherein each set of policy object security permissions 
comprises: 

• a read permission; a write permission; and a change permission (col. 10, lines 14-40), 
As per claim 30, Deinhart discloses wherein each set of policy object security permissions 

further comprises: 

• a write owner permission; a write discretionary access control permission; and a change 
system access control list permission (col. 10, lines 14-40). 
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Response to Arguments 



4. 



Applicant's arguments with respect to claims 1-30 have been considered but are moot in 



view of the new ground(s) of rejection. 



Conclusion 



5. 



The prior art made of record and not relied upon is considered pertinent to applicant's 



disclosure. 



U.S. Pat. No. 6,647, 388 to Numao et al 
U.S. Pub. No. 5,787,427 to Benantar et al 
U.S. Pub. No. 6,708,276 to Yarsa et al 
U.S. Pat. No. 5,991,877 to Luckenbaugh 

Dirk Jonscher, "Extending access control with duties-realized by active mechanisms", 
pages 91-1 11. June 25, 1997, 

T.C. Ting, S.A. Demurjian and M.Y. Hu, "Requirements, Capabilities, and 
Functionalities of User-Role Based Security for an Object-Oriented Design Model, pages 
275-296, June 25, 1997. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to LaShonda T Jacobs whose telephone number is 703-305-7494. 
The examiner can normally be reached on 8:30 A.M-5:00 P.M.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on 703-308-7562. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

LaShonda T Jacobs 

Examiner 

Art Unit 2157 

Itj 

March 4, 2005 
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